Ask anything about this post!
Welcome to the world of Metasploitable3—a cornerstone in cybersecurity education, meticulously crafted by Rapid7, the masterminds behind the Metasploit Framework.
Imagine a virtual playground where vulnerabilities aren't just flaws but gateways to knowledge. Metasploitable3 isn't your average VM; it's your canvas for testing exploits, conducting security research, and sharpening your cybersecurity prowess.
Metasploitable3 is an intentionally vulnerable virtual machine (VM) designed to be used as a target for penetration testing and security research. Developed and maintained by Rapid7, the same team behind the Metasploit Framework, Metasploitable3 serves as a practical resource for learning and practicing cybersecurity skills in a controlled, legal environment.
Built from the ground up with a large number of security vulnerabilities, Metasploitable3 is primarily intended for testing exploits with Metasploit. This free virtual machine allows you to simulate attacks largely using Metasploit, providing a realistic and comprehensive environment for various cybersecurity activities.
Metasploitable3 needs to be built manually because it is based on Windows Server 2008, and as per the licensing specified by Windows, it is illegal to distribute any version of Windows in any form regardless of whether it is a VM image or an ISO file. As a result, you must install several virtualization management and deployment tools:
Note:- This is official git repository of Metasploitable3 : Rapid7/metasploitable3
https://www.virtualbox.org/wiki/Downloads
https://www.vmware.com/products/desktop-hypervisor.html
https://developer.hashicorp.com/packer/tutorials/docker-get-started/get-started-install-cli
https://developer.hashicorp.com/vagrant/downloads
https://github.com/aidanns/vagrant-reload#installation
https://developer.hashicorp.com/vagrant/docs/providers/vmware/vagrant-vmware-utility
To install plugins run this commands:
vagrant plugin install vagrant-vbguest
vagrant plugin install vagrant-reload
vagrant plugin install vagrant-virtualbox
vagrant plugin install vagrant-vmware-desktop
We first need to download or clone the Metasploitable3 Github repository on to your system, if you have git client for windows, you can clone the repository directly. If you do not have git installed you can download the repository as a zip file and extract it to your working directory.
If you want to install the git client for Windows, you can download the setup here: https://gitforwindows.org
Note:- If you have Hyper-V enabled, please ensure it is disabled as VirtualBox will not work and can cause issues with the build process.
Let' clone the respository or you can download as zip.
git clone https://github.com/rapid7/metasploitable3.git
Once you have cloned the repository on to your system, you need to open a PowerShell session in the Metasploitable3 directory. After you have established a PowerShell session, you need to ensure that you have unrestricted access or privileges to execute scripts with Powershell. To do this we need to run the following command in PowerShell:
Set-ExecutionPolicy Unrestricted
Now go to extracted or cloned directory, make packer.pkr.hcl file and paste this instructions:
Ensure you have a packer.hcl file in your project directory with the required plugins:
packer {
required_plugins {
vagrant = {
version = ">= 1.0.0"
source = "github.com/hashicorp/vagrant"
}
}
}
Run packer init to install the necessary plugins:
packer init .
Make sure to open your PowerShell as Administrator in your extracted Metatsploitable3 File and Follow next steps:
To list all downloaded image. Run this command:
vagrant box list
If there is any previous image you can remove it.
vagrant box remove rapid7/metasploitable3-ub1404 --provider virtualbox
agrant box remove rapid7/metasploitable3-win2k8 --provider virtualbox
Run this commands to setup the new installation
vagrant box add rapid7/metasploitable3-ub1404 --provider virtualbox
vagrant box add rapid7/metasploitable3-ub1404 --provider virtualbox
vagrant up --provider=virtualbox
Now navigate from your extracted Metasploitabl3 directory to this for VirtualBox Images
.vagrant/machines/ub1404/virtualbox
.vagrant/machines/win2k8/virtualbox
To list all downloaded image. Run this command:
vagrant box list
If there is any previous image you can remove it.
vagrant box remove rapid7/metasploitable3-ub1404 --provider vmware_desktop
vagrant box remove rapid7/metasploitable3-win2k8 --provider vmware_desktop
Run this commands to setup the new installation
vagrant box add rapid7/metasploitable3-ub1404 --provider vmware_desktop
vagrant box add rapid7/metasploitable3-ub1404 --provider vmware_desktop
vagrant up --provider=vmware_desktop
Now navigate from your extracted Metasploitabl3 directory to this for VMware Images
.vagrant/machines/ub1404/vmware_desktop
.vagrant/machines/win2k8/vmware_desktop
Metasploitable3 is a crucial tool for cybersecurity professionals and enthusiasts. It provides a safe, legal environment to practice penetration testing and develop exploits with Metasploit. The VM's intentional vulnerabilities allow users to simulate real-world attacks, enhancing their practical skills.
Though building Metasploitable3 requires installing tools like Packer and Vagrant and following setup steps, the process is worthwhile. The resulting VM serves as an excellent resource for training, testing, and improving network security skills. By following the setup guide, users can efficiently create and use Metasploitable3 for educational and professional growth. Happy hacking
Thank you for reading our blog!
We have a Discord community where you can ask questions and get help from the community.
No comments yet. Be the first to share your thoughts!